The present invention relates to techniques for encrypted communication via a communication network such as the Internet.
Virtual Private Network (VPN) technologies are used for proper access from household communication terminals to corporate information resources and for secure interconnection between local networks at corporate sites.
A description is given here, as an example, of secure communication between an external communication terminal (hereinafter called an external terminal where appropriate) coupled to an external network such as the Internet and an internal communication terminal (hereinafter called an internal terminal where appropriate) coupled to an intra-organization network such as a corporate network.
First, the external communication terminal transmits a connection request for the internal communication terminal to a VPN apparatus at an input port of the intra-organization network from the Internet. The VPN apparatus authenticates the external communication terminal by using a public key certificate (hereinafter described as “certificate”) or the like to thereby confirm that the external communication terminal can access the internal communication terminal. The external communication terminal authenticates the VPN apparatus by using a certificate or the like.
After the external communication terminal and the VPN apparatus have authenticated each other, they share an encryption key, and data transferred between the external communication terminal and the VPN apparatus is encrypted with that key. The VPN apparatus is coupled to the internal communication terminal to relay data requested by the external communication terminal.
In this manner, the external communication terminal can communicate with the internal communication terminal via the VPN apparatus. Data to be transferred between the external communication terminal and VPN apparatus is encrypted, so that secure communication is possible.
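The VPN-apparatus side of the flow described above can be sketched with Python's standard ssl module. This is an added example, not code from the patent or from the cited product; it assumes TLS as the transport, and the policy table, terminal names and function names are hypothetical.

```python
import ssl

# Hypothetical policy: certificate CN of an external terminal -> internal terminals it may reach.
ACCESS_POLICY = {"ext-terminal-01": {"internal-terminal-a"}}

def _load(ctx, ca_file, cert_file, key_file):
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)   # this side's own certificate and key
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # CA that issued the peer's certificate
    return ctx

def vpn_apparatus_context(ca_file=None, cert_file=None, key_file=None):
    """Context for the VPN apparatus (the TLS server side in this example)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # A server context defaults to CERT_NONE, so the external terminal would
    # never be asked for a certificate unless this is set explicitly.
    ctx.verify_mode = ssl.CERT_REQUIRED
    return _load(ctx, ca_file, cert_file, key_file)

def external_terminal_context(ca_file=None, cert_file=None, key_file=None):
    """Context for the external terminal; PROTOCOL_TLS_CLIENT already
    verifies the VPN apparatus's certificate and host name by default."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return _load(ctx, ca_file, cert_file, key_file)

def peer_common_name(peercert):
    """Pull the CN out of the dict returned by SSLSocket.getpeercert()."""
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def may_relay(peercert, internal_terminal, policy=ACCESS_POLICY):
    """Authorization step: authenticated terminal -> requested internal terminal."""
    if not peercert:  # None (no certificate) or {} (certificate not validated)
        return False
    return internal_terminal in policy.get(peer_common_name(peercert), set())

# Constructed sample in the format getpeercert() returns after a verified handshake.
SAMPLE_PEERCERT = {"subject": ((("organizationName", "Example Corp"),),
                               (("commonName", "ext-terminal-01"),))}
```

In use, the VPN apparatus would call `may_relay(conn.getpeercert(), requested_terminal)` after the handshake and open the relayed connection only when it returns true.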
A functional description of an apparatus supplying VPN technologies is disclosed, for example, in NORTEL NETWORKS, “Alteon SSL VPN”, NORTEL NETWORKS, pp. 2 to 3, <http://www.nortel.com/products/01/alteon/sslvpn/collateral/nn102960-073103.pdf>.